Pages

About us

H4xOrin' T3h WOrLd

Sunny Kumar is a computer geek and technology blogger. He is a founder and editor of H4xOrin’ T3h WOrLd web-site. Always passionate about Ethical Hacking, Penetration Testing of Web applications, security, gadgets and ev-erything to go with it.His goal of life is to raise the awareness of Information Security, which is nowadays is the key to a successful business.

Facebook profiles can be hijacked by Chrome extensions malware

Cybercriminals
are uploading malicious Chrome browser extensions to the official
Chrome Web Store and use them to hijack Facebook accounts, according to
security researchers from Kaspersky Lab. The rogue extensions are
advertised on Facebook by scammers and claim to allow changing the color
of profile pages, tracking profile visitors or even removing social
media viruses.

The attacks manifest as suggestions to
download Facebook apps. Those apps are, alas, not real. Instead they
are malware and, in one case, a malware-laden Chrome extension hosted in
Google's very own Chrome Web Store. To do that, they must follow a
series of steps, which include installing a fake Adobe Flash Player
Chrome extension. The launchpad for the fake Flash Player is a Facebook
app called “Aprenda”. If Aprenda is installed it redirects users to Chrome Web Store, encouraging them to install the fake Flash extension.

“This
last one caught our attention not because it asks the user to install a
malicious extension, but because the malicious extension is hosted at
the official Google's Chrome Web Store. If the user clicks on ‘install
application’ he will be redirected to the official store. The malicious
extension presents itself as “Adobe Flash Player”, wrote Fabio Assolini. "Be careful when using Facebook. And think twice before installing a Google Chrome extension," he adds.

Uploading multiple rogue
extensions on the Chrome Web Store and running several Facebook spam
campaigns to advertise them allows attackers to quickly compromise
thousands of accounts. The malware operates in much the same way as
other Facebook scams, such as inviting friends to install it, however
the purpose of the highjacking accounts is to generate fraudulent
"Likes" which are sold for about US$27 per 1,000.

Now, the extension Assolini
found was concentrated in Brazil, where Chrome enjoys 45% of the browser
market and Facebook is by far the most popular social network. That
does not, however, mean that the problem is isolated to Brazil. The
malicious extension was installed in numerous countries, including the
U.S..

With these potential security risks in mind, "Think twice before installing a Google Chrome extension".